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DETAILED ACTION 



The following is a re-mailing of the action that was mailed 1 1 December 2003. 
Applicant had requested a suspension which was inadvertently ignored. This remailing 
effectively grants applicant the three-month extension. The only difference between this 
mailing and the previous (aside from this paragraph) is the inclusion of an interview 
summary and exclusion of the 892. 



1 . This action is in response to the amendment filed 20 November 2003 that 
cancelled claim 15, added claim 20, and amended claim 11. 



2. Applicant's arguments filed 20 November 2003 have been fully considered but 
they are not persuasive. Applicant did not file any arguments, perse. The argument 
section refers back to the arguments made in paper number 21, amendment E. The 
advisory action gave a rebuttal to those arguments. As the application has been 
RCEed, finality cannot be withdrawn. 

3. Amendment E discusses three preliminary matters, the first two of which do not 
currently pertain to the patentability of the claims. The last preliminary matter alleges 
that the examiner has yet to adequately explain how either Kaufman or Ganesan 
disclose, together or alone, generating different key data for each of a plurality of unit 
storage areas on a storage medium. As the examiner explained in the final office action 
mailed 17 June 2003 (paper 20), the claim language's use of "for" can broadly be read 
to include a key being "for" a storage area after a program that is encrypted with that 
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key is stored in the area. As such, Ganesan's symmetric key reads on the key "for" a 
specific storage area. The rejection in paper 20 (second paragraph of section 7) 
specifically explains the relationship of Ganesan to the claim language. 

4. Applicant feels that the examiner both mischaracterized a previous argument and 
incorrectly ascribed a feature (indirect password encryption) to the prior art. The 
examiner does not agree that any of applicant's arguments have been 
mischaracterized. Ganesan clearly shows indirect public key encryption (see figure 4, 
elements 330, 340, 380, and 390). The teachings of Kaufman render obvious a switch 
from indirect public-key to indirect password encryption. 

5. Applicant argues that the examiner mischaracterizes the claim language "each of 
a plurality of storage areas". Again, the examiner has interpreted the scope of the 
claims broadly. In Ganesan, data is encrypted with a key and then stored in a storage 
area along with a cryptogram of the symmetric key. The symmetric key is random, and 
its generation reads on generation of a key for a specific unit storage area because of 
the breadth of "for". The step of encrypting with a password is covered by the 
combination of Ganesan and Kaufman. Ganesan shows writing the cryptogram to a 
storage medium. Once data is written to a data storage area, the encrypting key is "for" 
that storage area. The claims would not allow for this interpretation if the claims 
specifically mandated that an encryption key be selected for a piece of data based on 
where that piece of data is to be stored. Judging from applicant's arguments, this 
embodiment is within the application's scope. 
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6. Applicant notes that the examiner has said that the private key operates as a 
password. While correct, this is immaterial to the patentability of the claims. Private 
keys are used in public key cryptosystems - they are privately held by one individual 
and decrypt data that has been encrypted using corresponding public keys. A private 
key is thus different than symmetric key, which is used to decrypt or encrypt data that 
has been encrypt or will be decrypted with the same symmetric key. 

7. Applicant raises an interesting issue relating to access to a database versus 
user-accessed data on a database. However, as this has not been related to specific 
claim language, the examiner does not see how it relates to the patentability of the 
claims. 

Claim Objections 

8. Claim20 objected to because of the following informalities: delete "a" in the 
second to last line of the claim. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

9. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

10. Claims 1-14, 16, 17, and 20 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

11. Claim 1 recites the limitation "said key data generating step" in the eleventh line, 
"said encrypted key data" in the sixteenth line, "said data encrypting step" in the 
seventeenth line, and "and said data decoding step" in the last clause. There is 
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insufficient antecedent basis for this limitation in the claim. Change "said" to "the". This 
same correction applies to the other maladies. 

12. Claim 8 recites the limitation "said encrypted key data" across lines 16 and 17. 
There is insufficient antecedent basis for this limitation in the claim. 

13. Claim 20 recites the limitation "said encrypted key data" in line 4, "said generated 
random key data" across lines 5 and 6, "said encrypted data" in line six, "said decoded 
encrypted key data" across lines 1 1 and 12, "said key data generating step" in line 13, 
"said data encrypting step" in line 20, and "said data decoding step" in line 23. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

15. Claims 1,6-8, and 13-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ganesan (5748735) in view of Kaufman (6178508). 

Ganesan's fourth figure shows a symmetric key being generated in element 330. 
Subsequently, this key is encrypted. In element 390, the encrypted symmetric key and 
data encrypted with that symmetric key are stored. With the exception of the password 
stipulation, clause one is hereby rendered obvious. Clause two is anticipated by 
elements 390 and 380. Step 580 in figure 5 shows reading the encrypted symmetric 
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key from a storage medium, meeting the limitations of the third clause. The next step, 
element 585, anticipates the non-password portion of clause four. Element 590 
anticipates clause five. 

In lines 27-31 of column 6, Ganesan stipulates that the encrypted file and 
encrypted key are stored on an associated memory device. This reads on generating a 
key for a storage area. As is apparent from the abstract, the intent of Ganesan is to 
provide storage for a multitude of files. The writing of the encrypted key to the memory 
device has already been described. 

Ganesan says that the symmetric key is encrypted with a private key, not a 
password, although there are some functional similarities between the two: only the 
holder should know both, and both are often used for authentication. There are also 
several differences, such as the former being used in a public key cryptosystem and the 
latter, when acting as a key, being used in a symmetric key cryptosystem, as shown by 
Kaufman in lines 14-24 of column 6. Another difference is that passwords can generally 
be easily remembered while private keys practically require storage on a computer 
readable medium. Therefore it would have been obvious to a person of ordinary skill in 
the art at the time the invention was made to use a password as taught by Kaufman to 
encrypt the symmetric key in Ganesan. As is evident from Kaufman's exclusive-OR 
operation, this would conserve processing power. 

Claim 6 is covered by Kaufman's plurality of passwords and quorum needed to 
decrypt. See columns five and six. Repeated encryptions of a secret are well-known 
and thus claim 7 is anticipated. 
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16. Claims 2 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ganesan and Kaufman as applied to claim 1 above, and further in view of Cruts et al. 
(4780905). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that the key is generated per the logic sector of the storage medium. In lines 46-48 
of column 2, Cruts et al. say that a decryption key is based on a formula that uses the 
disc address of data. In lines 24 and 25 above, they say that this saves the user from 
needing to know and remember the encryption key. This is not to say that the 
encryption key is deleted (see abstract). Therefore it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made to associate the 
keys in Ganesan with the memory device on which they were to be stored by forming 
them according to an algorithm based on the address of the data, thereby saving the 
user from needing to remember the encryption keys. 

17. Claims 3, 4, 10, and 11 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ganesan and Kaufman as applied to claim 1 above, and further in 
view of Schneier (Applied Cryptography). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that new symmetric keys are generated each time data is written to a spot in the 
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memory device. On pages 6 and7, Schneier mentions the ciphertext-only attack, which 
relies on knowledge of multiple ciphertexts encrypted with the same encryption key. 
One obvious response to this is to use keys but once, which, depending on the 
algorithm, can verge on a one-time pad, which is a perfectly secret algorithm. Therefore 
it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to generate new keys, as suggested by Schneier, every time data 
is written to a memory device in Ganesan. 

Neither Kaufman nor Ganesan say that the symmetric key is made by combining 
a predetermined number of pieces of random data. On page 173, Schneier says that 
good keys are random-bit strings generated by an automatic process. One way to 
achieve this is to generate the key from a reliably random source. This source reads on 
applicant's predetermined number of pieces of random data. Therefore it would have 
been obvious to a person of ordinary skill in the art at the time the invention was made 
to generate the symmetric key in Kaufman using random pieces of data as taught by 
Schneier in order to have a "good" key. 

18. Claim 5 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ganesan and Kaufman as applied to claim 1 above, and further in view of Blakley, III et 
al. (5677952). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
present a system by which passwords are changed. In lines 6-25 of column 7, Blakley, 
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III et al. show a method of changing a password that consists of decrypting data with the 
old password and re-encrypting it with the new password. In Blakley, III et al., these two 
steps occur simultaneously. Therefore it would have been obvious to a person of 
ordinary skill in the art at the time the invention was made to change passwords in the 
system of Ganesan and Kaufman according to the method of Blakley, III et al., thereby 
letting users update their passwords. 

19. Claims 1,2, 6-9, 13, 14, and 16-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bertina et al. (5682027). 

From line 61 of column 1 through line 9 of column 2, Bertina et al. present a 
method of protecting data that includes encrypting the data with a key, where the key is 
based on the memory area in which the data is to be stored. The keys are stored in a 
security module. While not explicitly recited in Bertina et al., the security module could 
obviously be part of the device that contains the memory areas. The keys for the 
memory areas, have been generated. As such, the step of generating different random 
key data for each of a plurality of unit storage areas is anticipated, as are the sub-steps 
of encrypting and decoding data with the random key corresponding to the unit storage 
area in which the data is stored. Writing the key data to the device is also rendered 
obvious. Bertina et al. do not say that the keys in the security module are encrypted 
with a password. Kaufman, in lines 14-24 of column 6, teaches protecting keys by 
encrypting them with a password. Therefore it would have been obvious to a person of 
ordinary skill in the art at the time the invention was made to protect the keys in Bertina 
et al.'s security module by encrypting them with a password, as taught by Kaufman. 
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Claim 6 is covered by Kaufman's plurality of passwords and quorum needed to 
decrypt. See columns five and six. Repeated encryptions of a secret are well-known 
and thus claim 7 is anticipated. 

20. Claims 3, 4, 10, and 11 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bertina et al. and Kaufman as applied to claim 1 above, and further in 
view of Schneier (Applied Cryptography). 

Bertina et al. and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that new symmetric keys are generated each time data is written to a spot in the 
memory device. On pages 6 and 7, Schneier mentions the ciphertext-only attack, which 
relies on knowledge of multiple ciphertexts encrypted with the same encryption key. 
One obvious response to this is to use keys but once, which, depending on the 
algorithm, can verge on a one-time pad, which is a perfectly secret algorithm. Therefore 
it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to generate new keys, as suggested by Schneier, every time data 
is written to a memory device in Bertina et al. 

Neither Kaufman nor Bertina et al. say that the symmetric key is made by 
combining a predetermined number of pieces of random data. On page 173, Schneier 
says that good keys are random-bit strings generated by an automatic process. One 
way to achieve this is to generate the key from a reliably random source. This source 
reads on applicant's predetermined number of pieces of random data. Therefore it 
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would have been obvious to a person of ordinary skill in the art at the time the invention 
was made to generate the symmetric key in Kaufman using random pieces of data as 
taught by Schneier in order to have a "good" key. 

21. Claim 5 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bertina et al. and Kaufman as applied to claim 1 above, and further in view of Blakley, III 
et al. (5677952). 

Bertina et al. and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
present a system by which passwords are changed. In lines 6-25 of column 7, Blakley, 
III et al. show a method of changing a password that consists of decrypting data with the 
old password and re-encrypting it with the new password. In Blakley, III et al., these two 
steps occur simultaneously. Therefore it would have been obvious to a person of 
ordinary skill in the art at the time the invention was made to change passwords in the 
system of Bertina et al. and Kaufman according to the method of Blakley, III et al., 
thereby letting users update their passwords. 

Conclusion 

22. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Shear (4827508) presents a portable storage device that has 
stored thereon a plurality of databases, each encrypted with its own key, and the keys. 
The keys can be encrypted (lines 1-2 of column 5). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Douglas J. Meislahn whose telephone number is (703) 
305-1338. The examiner can normally be reached on between 9 AM and 6 PM, 
Monday through Thursday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A. Morse can be reached on (703) 308-4789. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). _ / ✓ / 
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Examiner 
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